Steer clear of these non-WordPress traps for a secure site

Once you start taking your first tentative steps online as a small business owner, it won’t be long before the subject of security raises its ugly head. The sad reality is that there’s no shortage of bad guys out there — they’re practically waiting for you to lower your guard so they can pounce.

Site owners are regularly (and rightfully!) badgered to maintain high security standards in WordPress, but there are plenty of other open security doors in the typical small business scenario. All that diligent plugin updating will be in vain if you’re fatally exposed elsewhere in your setup.

In this piece, we’ll help you stay safe by outlining five non-WordPress security traps to avoid for a secure site. Steer clear of them all, and you’ll have gone a long way toward locking things down across the board.

Let’s start with a classic!

1. A secure site doesn’t fall for phishing

Not every phishing scenario is as laughably transparent as the average 419 attempt. Scammers have considerably upped their game over the years, and they’re more than capable of putting together sophisticated traps that can fully mimic the look and feel of services, such as an online banking interface.

Email is the classic entry point for most phishing attempts.

Email is the classic entry point for most phishing attempts, but it’s by no means the only one. You need to be equally vigilant over the phone if somebody is trying to extract information. One way or the other, the basics remain the same in terms of prevention:

Never give out sensitive information over the phone or via email.

Always think before you click. If an email is inviting you to login, do it manually rather than clicking through.

Any secure site can fall prey to phishing, so do your best to stay alert when it comes to suspicious activity.

2. Running an out-of-date operating system

The same principle applies to operating systems as it does to WordPress and associated plugins — always make sure you’re using the latest stable version from your provider.

Regardless of whether you’re running on Windows, OSX or Linux, a series of security updates will constantly be released to address vulnerabilities as they’re uncovered.

Make sure you’re taking the time to actually install these or you open yourself to considerable risk. Secure site or not, if your OS isn’t up-to-date, then you’re giving potential hackers unnecessary access.

3. Failing to use a password manager

This one is still a shockingly common problem. Let’s not beat around the bush here — you simply have to be using a password manager of some sort in your business. They’re affordable, infinitely preferable to the manual alternative, and will save you and your team a considerable amount of time and effort on a daily basis.

Easy-to-use password managers such as 1Password are a security essential.

Top-notch products, such as RoboForm and 1Password, remove a lot of the hassle involved in managing multiple passwords. In addition, they also offer you incredibly secure options for storing sensitive information like banking and credit card details. You’ve also got the option of securely backing up your information to the cloud for further peace of mind.

A secure site starts with a secure password.

This tip is really a no-brainer. If you’re not already using a password manager, there’s no better time than today to get started!

4. Not locking down your docs

While much of your sensitive data will be safely stored away behind various password-protected, third-party services, a large amount will still be stored locally in either physical or digital files. Regardless of the type, both of these options need to be adequately secured.

Luckily, getting this right is relatively straightforward. On the offline side of things, the market is packed with affordable office safe solutions, which can be used to secure both documentation and smaller devices. In addition, solutions such as Dropbox and Cubby offer affordable ways of securely storing and password protecting digital documentation.

5. Scrimping on hosting

Let’s start with the good news. General security standards at hosting companies worldwide have come on in leaps and bounds over the last decade. Here at GoDaddy, we’re proud to have played a considerable role in helping the industry raise its game over the years — but the fact remains that not every hosting provider is equal when it comes to keeping you and your users safe.

Obviously, we hope you end up selecting one of our own affordable and secure hosting packages. However, even when looking elsewhere, make sure you’re really vetting your provider on security, as well as price.

Security standards can vary wildly for hosting products, particularly in the context of shared hosting. Do your due diligence.

If you want a secure site, you need quality hosting. The few cents you save by going with a corner-cutting outfit will be dwarfed by the costs of cleanup if a security incident occurs.

Conclusion

Security is one of those areas where you don’t want to get acquainted with the basics the hard way. The five steps we’ve covered are far from the only ones you should be taking, but they’ll go a long way toward maintaining a secure site.

Tom Ewer is a freelance writer, online entrepreneur, and the founder of Leaving Work Behind and WordCandy. He has been obsessed with WordPress since he first laid eyes on it, and has been writing educational and informative content for WordPress users since 2011. When he's not running his businesses, you're likely to find him outdoors somewhere – as far away from a screen as possible!

Get our newsletters!

Email

Pro Newsletter

SmallBiz Newsletter

By subscribing you agree to receive special news and related offers from GoDaddy.

You may like…

With 17 million customers worldwide and 71 million domain names under management, GoDaddy is the place people come to name their idea, build a professional website, attract customers and manage their work.

Use of this Site is subject to express terms of use. By using this site, you signify that you agree to be bound by these Universal Terms of Service.